Full Disclosure mailing list archives
Re: CertificationMagazine - Blind SQL Injection Vulnerability
From: Tomy <support () vs-db info>
Date: Sat, 24 Dec 2011 22:25:39 +0100
Hi Vulnerability-Copy-Paste-Leech-LAB You are funny KIDS Vulnerability-Lab Let's clear something HISTORY: 1. You had posted first 1 year old BUG - leeched from MY VULNERABLE Sites DATABASE 2. i have sent you info / full disclosure that it was very OLD BUG - reported YEAR ago. (this wasn’t an attack!) 3. You have posted second 1.5 Year old BUG 4. i have sent you info / full disclosure that it was OLD BUG reported may 2010 (this wasn’t attack) 5. ATTACK FROM Vulnerability-LAB - 100% lies and fabricated stories in order to discredit me and my friends from Ariko-Security. You don’t understand simple english – I am not ariko-security member – here is this sentence in German: Ich bin nicht in einer Gruppe Ariko-Security You smoke too much: 1. " then records of the databases that u dumped... because of the fact that you guys hack illegal into web-servers and dump the databases and do not notify the vendor." YEAH LOL 2. "Some weeks ago another AS member asked us ... why we do not work with you guys (vs-db.info & AS)? He also asked us multiple times for selling the dumps of hacked databases!?" nice children's imagination 3. "Also if you view in context what we do vs what you do there is no way we want to work with you." LOL AGAIN , some facts: ID: 26 845 6056 2 - IHK - 34125 Kassel (Germany) - Evolution Security - fake company - NOT REGISTERED IN GERMANY , NO VAT ID 5. DevSec - nice empty web page – also fake company – no VAT ID in netherlands Welkom op devsec.nl Please DO NOT SPAM MORE FD, if You want something from ME simply mail me. Tomy / Vulnerable Sites Database Wiadomość napisana przez research () vulnerability-lab com w dniu 23 gru 2011, o godz. 17:57:
Hi Tomy, After you wrote us now the second e-mail we want to make something very clear to u and everyone @ vs-db.info & ariko-security 1. Your website is serves no point other then records of the databases that u dumped... because of the fact that you guys hack illegal into web-servers and dump the databases and do not notify the vendor. You guys tell the researchers around you that you do some security stuff ... i think you guys are just fucking criminals. Thats why nobody respects the work you do anywhere. 2. Some weeks ago another ariko-security member asked us ... why we do not work with you guys (vs-db.info & ariko-security)? He also asked us multiple times for selling the dumps of hacked databases!? To answer that once more we are not interested in selling stolen information as said many times before. Why ?! Mainly due the fact that this is a criminal offence. And so a no go in our vision for the future of vulnerability-lab.com 3. Also if you view in context what we do vs what you do there is no way we want to work with you. We - Inform vendors - Verify vulnerabilities/bugs to ensure validity - Disclosure after contact with vendor or after multiple tries to contact the vendor - Discolsure policy - Try to protect vendors and customers of those vendors You - Dont inform vendor - No Discolsure policy - No verfication other then a picture - Selling of illegally dumped databases/information to make money 4. If so that you say that you are all that good an you are so awsome in what you do why is a 1.5 year old bug (if this infact true) still unpatched when we found it!? Sounds to me that u dumped the database then probably sold it off and then forgot all about it. Instead of contacting the vendor/webmaster etc. So clearly you have no idea of what working in security is about. Your are only trying to rape the benefits of a trick that you know. I hope that you see this as a wake up call and warning as next time we might not be as friendly. Best Regards, The Vulnerability-lab Team. Am 23.12.2011 11:32, schrieb Tomy:http://www.vs-db.info/?p=593 MAY 2010 - Nice that you can find 1.5 YEARS old hole LOL! Tomy Wiadomość napisana przez research () vulnerability-lab com w dniu 20 gru 2011, o godz. 17:08:http://www.certmag.com/Tomy support () vs-db info-- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin () vulnerability-lab com or support () vulnerability-lab com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Tomy support () vs-db info
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CertificationMagazine - Blind SQL Injection Vulnerability research () vulnerability-lab com (Dec 22)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Tomy (Dec 23)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability research () vulnerability-lab com (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Super vulnerability-lab hack Tomy (Dec 23)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Super vulnerability-lab hack Thor (Hammer of God) (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Super vulnerability-lab hack james (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability research () vulnerability-lab com (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Tomy (Dec 24)
- Re: CertificationMagazine - Blind SQL Injection Vulnerability Tomy (Dec 23)